import os

items = [ "info", "atmos", "water", "maritime", "yiwin" , "en" , "git"  , "marketing", "img", "pic", 
        "newsletter", "maillist", "page", "panel", "doc","video", "crm", "www"]

###  需要先在域名管理 获得key secret
SSL_Key="LTAI5t8KzUJ6FS1BxC5TKJJB"
SSL_Secret="qhkOSkHl82NHiRdUMRXbdzlpjOaRWp"

DOMAIN      = "yi-win.com"
TARGET_DIR  = "/www/server/panel/vhost/cert/"
ACMD_DIR    = "/root/.acme.sh/"+DOMAIN+"_ecc/"

renew = "acme.sh --cron --home /root/.acme.sh --force"

First_register = 0

EMAIL = "services@yi-win.com"
CONTACT = "\"mailto:services@yi-win.com\""
ORGANIZATION = "\"YIWIN\""
ORGANIZATIONALUNIT = "\"YIWIN ITTEAM\""

letsencrypt_server = " --server https://acme-v02.api.letsencrypt.org/directory"
zerossl_server = " --server https://acme.zerossl.com/v2/DV90"

# 尽可能少的刷新一次
# os.system(renew)

def  mcopy():
    for item in items:
        privkey_    = TARGET_DIR + item + "." + DOMAIN + "/privkey.pem"
        fullchain_  = TARGET_DIR + item + "." + DOMAIN + "/fullchain.pem"
        
        # cmd = "cp " + privkey_ + " " + privkey_ + ".2 "
        # # print(cmd)
        # os.system(cmd)
        # cmd = "cp " + ACMD_DIR + DOMAIN + ".key " + TARGET_DIR + item + "." + DOMAIN + "/privkey.pem "
        # # print(cmd)
        # os.system(cmd)
        
        cmd = "cp " + fullchain_ + " " + fullchain_ + ".2 "
        # print(cmd)
        os.system(cmd)
        cmd = "cp " + ACMD_DIR + "fullchain.cer " + TARGET_DIR + item + "." + DOMAIN + "/fullchain.pem "
        # print(cmd)
        os.system(cmd)

def mimport():
    cmd = "/root/.acme.sh/acme.sh --install-cert -d " + DOMAIN + " "
    for item in items:
        cmd = "/root/.acme.sh/acme.sh --install-cert -d " + DOMAIN + " "
        cmd += "--key-file   /www/server/panel/vhost/cert/" + item + "." + DOMAIN + "/fullchain.pem "
        cmd += "--fullchain-file   /www/server/panel/vhost/cert/" + item + "." + DOMAIN + "/fullchain.pem "
        cmd += "--reloadcmd     \"service nginx  reload --force\""

        try:
            return_code =os.system(cmd)
            if return_code == 0:
                print(f"域名 {item}.{DOMAIN} renew, install ok！")
            else:
                print(f"域名 {item}.{DOMAIN} {item}.{DOMAIN} renew, install FAIL！，状态码: {return_code} ， {cmd} ")
        except Exception as e:
            print(f"Error: {item}.{DOMAIN}  -- {cmd}")
        pass

mimport()


 
def register_domain_with_acme_sh(domain):
    """
    使用acme.sh注册域名并获取证书的函数

    参数:
    domain (str): 要注册获取证书的域名，例如 "example.com"
    """
    try:
        # 导入key
        if First_register ==1:
            command = f"export Ali_Key={"SSL_Key"}"
            return_code = os.system(command)
            command = f"export Ali_Secret={"SSL_Secret"}"
            return_code = os.system(command)
        
        # 构建acme.sh命令，这里以DNS验证方式为例（假设使用阿里云DNS，需提前配置好环境变量）
        # 你可以根据实际使用的DNS提供商修改 --dns 参数后面的内容
        # command = f"acme.sh --issue --dns dns_ali -d {domain} --debug"
        
        # command = f"acme.sh --issue --dns dns_ali -d {domain} -d *.{domain} --debug"
        
        command =  "acme.sh --issue --dns dns_ali -d "+ {domain} + "-d *."+ {domain}
        command += zerossl_server
        command += EMAIL
        command += CONTACT
        command += ORGANIZATION
        command += ORGANIZATIONALUNIT
        command += " --debug"
        
        # 执行命令，捕获输出和错误信息
        # result = subprocess.run(command, shell=True, capture_output=True, text=True)
        return_code = os.system(command)
        if return_code == 0:
            print(f"域名 {domain} 注册成功，证书获取成功！")
        else:
            print(f"域名 {domain} 注册出现问题，状态码: {return_code} ， {command} ")

    except Exception as e:
        print(f"域名 {domain} 注册失败 :{domain}  -- {str(e)}")
 
 
'''
acme.sh --issue -d example.com -w /var/www/html
比如 -d example.com -d www.example.com 用于同时为顶级域名和其对应的二级域名申请证书）
-w 参数指定了网站根目录的路径
--dns dns_ali 表示使用阿里云 DNS 进行验证

      acme.sh --issue --dns dns_ali -d example.com 
      --server https://acme-v02.api.letsencrypt.org/directory 
      --email your_company_email@example.com 
      --contact "mailto:your_company_email@example.com" 
      --organization "Your Company Name" 
      --organizationalunit "Your Company Department"
      
acme.sh 会将获取到的证书文件以及对应的私钥文件等保存到合适的位置（通常在 ~/.acme.sh/ 目录下对应域名的文件夹中）
'''
 
# export Ali_Key="LTAI5t8KzUJ6FS1BxC5TKJJB"
# export Ali_Secret="qhkOSkHl82NHiRdUMRXbdzlpjOaRWp"
# acme.sh --issue --dns dns_ali -d yi-win.com -d *.yi-win.com --debug

 

# for item in items:
#     cmd = "cp /www/server/panel/vhost/cert/doc.yi-win.com/privkey.pem   /www/server/panel/vhost/cert/doc.yi-win.com/privkey.pem.2"
#     os.system(cmd)
#     cmd = "cp /root/.acme.sh/yi-win.com_ecc/yi-win.com.cer    /www/server/panel/vhost/cert/doc.yi-win.com/privkey.pem"
#     os.system(cmd)
#     cmd = "cp /www/server/panel/vhost/cert/doc.yi-win.com/fullchain.pem   /www/server/panel/vhost/cert/doc.yi-win.com/fullchain.pem.2"
#     os.system(cmd)
#     cmd = "cp /root/.acme.sh/yi-win.com_ecc/fullchain.cer    /www/server/panel/vhost/cert/doc.yi-win.com/fullchain.pem"
#     os.system(cmd)


 
